• High performance event correlation
• Behaviour Anomaly Detection (BAD 2.0)
• "Big data" analytics
• Governance, Risk, Compliance
• Cloud/multi-tenancy support
• Active response

Agenda and scope

• What this talk is about...
  - The implications of technology trends
  - Anticipating the emergent IT and security environment
  - Monitoring security when:
    • It is more important
    • It is more difficult
  - Approaches to dealing with this in a constructive way

Background

• Mobile apps, consumerisation and "bring your own device" are here
• Users / Customers increasingly expect to access systems via mobile / personal devices
• Cloud computing is well along the hype curve - its use and pervasiveness is growing
• Social media is already a more "normal" way of working than email for many people

The old "Office of the Future"

The "Office of the Future"

This is starting to be known as the "externalised organisation"

A greater focus and proportion of IT delivery / use happens outside

Conclusions

Security teams face a real challenge

• Data isn't where it used to be
• The network is going beyond just losing its perimeter to being completely external
• You have a lot less control over the front and back end platforms (i.e. none)
• People are working and communicating differently (e.g. social media)

Some new approaches are necessary...

More diversity and complexity in monitoring and control

• Windows
• Unix
• Mainframe

• Web
• Client/Server
• Databases

• LAN/WAN
• VPN
• Remote Access

• Firewalls
• AV
• IDS/IPS
• ID&AM

HUNTSMAN

Tier-3

Future-proof, advanced SIEM solutions





• Ability to consider the platform and the hypervisor layer 

• Multi-tenancy increasingly going to be demanded by platform suppliers 

• Ability to monitor service levels and risk currently rare 






• Are there ways to track access, misuse, anomalous go away 






• MDM platforms and staff mobility management 

• Custom apps - does log data come from the user device or the back-end 

• What will mobile payments mean - esp. for carriers, banks, retailers 








• Activity on internal and external systems 

• Social media monitoring - legality, effectiveness and feasibility 

• What about the wider communications environment 








• Increasingly rich market for "cyber security solutions" which add to the controls portfolio



Agility within the organisation and in its security partners will be key

Check suppliers have got these trends on their radar

Operations will require "intelligent" SIEM solutions to meet business d<

Future security operations





ion to collect 
and why 

Security teams are used to drawing a balance between benefit and risk
• what data we collect and its value

Industry (more widely) is starting to invest in, and discover, the value of data analytics

In security, the wider benefits of "big data" involve different parameters ... more data means:

• Improved fraud analytic capability
• Better customer profiling
• More context
• Better diagnostics (and anticipation)

AND

• Greater visibility around security threats, risks, attacks

More uses / Bigger audience

and then making sure we can protect it

Growth of security/customer/fraud/business data from the mobile computing environment can:

• Challenge privacy obligations
• Give security teams another (and higher impact) data set to protect

Need to evolve security stance - even simple "big data" examples could raise the risk levels much higher



Cloud changes the way we deliver IT 
Must ensure we have the right 
fraud, activity data available 



Must ensure we have the right tools and approaches to gain the maximum value from the security, 



Social media exposes users, and gives business new ways to interact 

Usage and brand management need monitoring - threat awareness becomes a tangible advantage 

• The value of (all) data is increasing

• More mobile and app-oriented environment and wider adoption of external services

... security logs, behaviour anomaly detection, cyber threat detection and analytics more critical
... businesses increasingly looking to drive efficiencies and interaction

• We have to acknowledge these trends and ensure that we adequately protect business information

• Gaining visibility - and keeping it - is vital

Finally...

Time for questions

Or:

Find me at Tier-3's stand

piers.wilson@tier-3.com

+44(0)7800 508517

www.tier-3.com @tier3huntsman